git-parse
OSSF Scorecard
Description
I'd like to use OSSF's scorecards for git-parse to give an idea outwardly of our vulnerabilities, and how we do in keeping up the project over time.
We can set this up in a bespoke part of the GitHub scanning suite; see link provided for details.
What's the benefit of this feature?
Widely available and adopted scoring of our project in how its security vulnerabilities are addressed will make this project more attractive and reliable for our downstream consumers.
Possible Implementation (optional)
Installation instructions here, happy to do it myself if nobody picks this up, or should be an easy contribution!